There is an alarming increase in cloned sites on the TOR network

July 7, 2015

Internet security observers are warning about a new wave of cloned websites on the TOR network (the dark web), evidence that cybercriminals are setting themselves up to fleece others on the so-called under web.

The latest attack of the clones marks the reappearance of a problem that cropped up before and will most likely reappear very soon.

For example, during Operation Onymous, the exercise that took down Silk Road 2.0 in November 2014, news emerged that most of the sites affected by this international law enforcement effort were themselves cloned sites.

Most of the cloned sites were created with Onion Cloner, a tool that makes it easy to impersonate TOR sites and redirect passwords and Bitcoin.

Rapid7’s security engineering manager, Tod Beardsley, said the potential for cloning is greater on the TOR network than the regular internet for several architectural reasons.

“For example, criminals robbing other criminals is about as old as crime itself, and it's an endemic and rapidly growing issue with the dark web,” Beardsley explained.

“Unlike the case with robbing criminals in person, there is no immediate risk of violence, and the methods by which one can rob Dark Web criminals are both well established and they also scale rather easily, on average,” he added.

“While the dark web's hidden services offer a means for strong anonymity for both users and content providers, actually finding anonymous commerce websites can be tricky, and you really need to know how to get around obstacles,” he added.

“Of course, the problem is exacerbated by the fact that many don't want to be found by casual users. Of those that do, they need to be listed on a registry or findable by a TOR-based search engine. There are only a handful of these indexers, so compromising or cloning just one can permanently poison a user's experience of the rest of the dark web,” he added.

Compounding the issue even more, there are fewer dark web sites in most cases., one of the more popular indexers, has less than five thousand sites indexed, a figure that compares to millions of online storefronts on the regular web.

“The job of impersonating a sizeable fraction of the entire ‘semi-public’ dark web commerce segment looks positively easy,” according to Beardsley.

The issue is worsened because cloned sites are very difficult to distinguish from the real thing, not least because the dark web lacks an equivalent to the digital certificates used by public-facing websites.

“While many dark web hidden services offer the same basic level of cryptography as their clear web counterparts, there is not yet a reasonable mechanism for validating certificates,” Beardsley added.

“There is no dark web-centric central certificate authority per se, since the whole point of TOR is an anonymous, decentralised infrastructure. As a result, the common use case for certificates is a self-signed certificate. Self-signed certificates raise all kinds of warnings in normal browsing, but not so on the dark web, since it's the way things just are over there, and all dark web users already expect that,” he concluded.

Overall, cloned sites on the dark web represent a well-known attack technique among its users. The target segment is very small and the risk of getting caught is negligible, simply because the victims are unlikely to pursue legal action.

The latest wave of scams was discovered by Juha Nurmi, a founding member of the project. More commentary on the latest wave of TOR fraud can be found in a post by Mark Stockley on the Sophos Naked Security blog.

Source: TOR.
